I am very careful with my system, but paranoia sets in and I’m not overly technical. Are there any easy things to look at to rule out intrusion attempts?
Do you have reason to believe there was such an attempt?
(I suppose the answer is “yes” - else you would not have asked)
What was that reason(s)?
… beyond paranoia setting in
… system logs
To view them, journalctl is the command.
Maybe run it with sudo - it will show more/different events.
Modify it to review the logs by past reboots, by time frame, by keywords …
Well, I use KeePassXC, hardened with a YubiKey. It is probably the most critical thing on my computer, and while I had it open, it seemed to make a few attempts to edit entries by itself, when it wasn’t even the window on top. No changes could be made because it requires my YubiKey to make changes, but it sort of spooked me to think someone else might have access to that database.
Ok, I brought up the log via sudo journalctl.
Funny enough, I don’t understand much of the entries, but there is nothing in there after 20 July 2022, looks like when I switched from kernel 5.10 to 5.15.
… if you are in doubt, for whatever reason
that may be valid for you but appear invalid to … me
… change your key - and your passwords
not to scare you - you already know …
covering tracks is part of such an intrusion
Ask yourself:
How likely is that scenario - am I a worthy target?
How would I become a target?
is a pretty weak description
and such a hack would not only target you specifically, but also make sure you would not just be able to accidentally spot it by looking at … what exactly?
my estimation:
very, very … very unlikely
so you did not modify or adjust the command
read the man (manual) page …
because it is indeed impossible that there are no entries in the log at all since that time
even every normal, uneventful, boot generates lots of entries
This really is a rabbit hole; do not venture more than you absolutely should. There are measures already put in place both by the kernel and the OS for reasonable prevention.
There are security auditing tools for recommendations on fool-proofing your setup, lynis (recommended):
https://wiki.archlinux.org/title/List_of_applications/Security#Threat_and_vulnerability_detection
Besides that, you can use rkhunter (possibly already installed) for rootkits and other backdoors. I just ran a check; be prepared for a storm of warnings, nothing significant:
https://wiki.archlinux.org/title/Rkhunter
And an all-inclusive security guide can be found at:
https://wiki.archlinux.org/title/Security
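
Added example, not part of the thread: shell helpers for the journalctl filters suggested above (past boots, time frame, keyword), plus a check for long silences in the journal, which is what the "nothing after 20 July 2022" observation comes down to. The function names and the sample lines are made up for illustration; the journalctl options used are standard ones.

```bash
#!/usr/bin/env bash
# Added example; helper names are hypothetical, journalctl options are real.

# journalctl opens at the OLDEST entry in a pager, so an old date on the first
# screen does not mean logging stopped. Print the newest entry instead.
newest_entry() { journalctl --no-pager -n 1 -o short-iso; }

# Review one boot: 0 = current, -1 = previous (list them: journalctl --list-boots).
boot_log() { journalctl --no-pager -b "${1:-0}" -o short-iso; }

# Review a time frame, optionally narrowed by a keyword (regex on the message).
# usage: window_log "2022-07-19" "2022-07-22" [keyword]
window_log() {
    if [ -n "${3:-}" ]; then
        journalctl --no-pager --since "$1" --until "$2" -g "$3" -o short-iso
    else
        journalctl --no-pager --since "$1" --until "$2" -o short-iso
    fi
}

# Read `journalctl -o short-unix` lines on stdin (first field = epoch seconds)
# and report every silence longer than $1 seconds (default: one day).
# Lines without a leading timestamp, such as "-- Boot ... --", are skipped.
journal_gaps() {
    awk -v max="${1:-86400}" '
        $1 ~ /^[0-9]+(\.[0-9]+)?$/ {
            if (seen && $1 - prev > max)
                print "gap", int($1 - prev), "s between", prev, "and", $1
            prev = $1; seen = 1
        }'
}

# Constructed sample in short-unix format, for trying journal_gaps offline.
SAMPLE='1658300000.000000 host kernel: Linux version 5.10 (constructed)
1658300060.500000 host systemd[1]: Started Session 1 (constructed)
-- Boot 00000000000000000000000000000000 --
1658500000.000000 host kernel: Linux version 5.15 (constructed)
1658500030.000000 host systemd[1]: Reached target (constructed)'

# Offline:  printf '%s\n' "$SAMPLE" | journal_gaps 86400
# Live:     sudo journalctl --no-pager -o short-unix | journal_gaps 86400
```

A reported gap only means no entries were written in that stretch; a machine that was powered off produces one too, so compare gaps against when the system was actually running.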